Changeset 211067 in webkit

Timestamp:

Jan 23, 2017 3:26:55 PM (7 years ago)

Author:

achristensen@apple.com

Message:

URLParser should fail to parse percent-encoded invalid UTF-8 sequences
​https://bugs.webkit.org/show_bug.cgi?id=167330
Source/WebCore:

<rdar://problem/29319962>

Reviewed by Tim Horton.

Covered by new API tests.

• platform/URLParser.cpp:

(WebCore::containsOnlyASCII):
(WebCore::URLParser::parseHostAndPort):
If UTF-8 decoding fails after percent-decoding the host, fail to parse.
This matches Chrome and Firefox, and it was proposed to the spec in ​https://github.com/whatwg/url/issues/215

Tools:

Reviewed by Tim Horton.

• TestWebKitAPI/Tests/WebCore/URLParser.cpp:

(TestWebKitAPI::TEST_F):

Location:

trunk

Files:

• Source/WebCore/ChangeLog (modified) (1 diff)
• Source/WebCore/platform/URLParser.cpp (modified) (2 diffs)
• Tools/ChangeLog (modified) (1 diff)
• Tools/TestWebKitAPI/Tests/WebCore/URLParser.cpp (modified) (1 diff)

trunk/Source/WebCore/ChangeLog

@@ +1 @@
+2017-01-23  Alex Christensen  <achristensen@webkit.org>
+
+        URLParser should fail to parse percent-encoded invalid UTF-8 sequences
+        https://bugs.webkit.org/show_bug.cgi?id=167330
+        <rdar://problem/29319962>
+
+        Reviewed by Tim Horton.
+
+        Covered by new API tests.
+
+        * platform/URLParser.cpp:
+        (WebCore::containsOnlyASCII):
+        (WebCore::URLParser::parseHostAndPort):
+        If UTF-8 decoding fails after percent-decoding the host, fail to parse.
+        This matches Chrome and Firefox, and it was proposed to the spec in https://github.com/whatwg/url/issues/215
+
 2017-01-23  Alex Christensen  <achristensen@webkit.org>
 

trunk/Source/WebCore/platform/URLParser.cpp

@@ -2465 +2465 @@
 ALWAYS_INLINE static bool containsOnlyASCII(const String& string)
 {
+    ASSERT(!string.isNull());
     if (string.is8Bit())
         return charactersAreAllASCII(string.characters8(), string.length());
@@ -2682 +2683 @@
     Vector<LChar, defaultInlineBufferSize> percentDecoded = percentDecode(utf8Encoded.data(), utf8Encoded.size(), hostBegin);
     String domain = String::fromUTF8(percentDecoded.data(), percentDecoded.size());
+    if (domain.isNull())
+        return false;
     if (domain != StringView(percentDecoded.data(), percentDecoded.size()))
         syntaxViolation(hostBegin);

trunk/Tools/ChangeLog

@@ +1 @@
+2017-01-23  Alex Christensen  <achristensen@webkit.org>
+
+        URLParser should fail to parse percent-encoded invalid UTF-8 sequences
+        https://bugs.webkit.org/show_bug.cgi?id=167330
+
+        Reviewed by Tim Horton.
+
+        * TestWebKitAPI/Tests/WebCore/URLParser.cpp:
+        (TestWebKitAPI::TEST_F):
+
 2017-01-23  Alex Christensen  <achristensen@webkit.org>
 

trunk/Tools/TestWebKitAPI/Tests/WebCore/URLParser.cpp

@@ -788 +788 @@
         {"file", "", "", "", 0, "/pAtH/", "", "", "file:///pAtH/"},
         {"file", "", "", "", 0, "pAtH/", "", "", "file://pAtH/"});
-    
+    checkURLDifferences("http://example.com%A0",
+        {"", "", "", "", 0, "", "", "", "http://example.com%A0"},
+        {"http", "", "", "example.com%a0", 0, "/", "", "", "http://example.com%a0/"});
+    checkURLDifferences("http://%E2%98%83",
+        {"http", "", "", "xn--n3h", 0, "/", "", "", "http://xn--n3h/"},
+        {"http", "", "", "%e2%98%83", 0, "/", "", "", "http://%e2%98%83/"});
     checkURLDifferences("http://host%73",
         {"http", "", "", "hosts", 0, "/", "", "", "http://hosts/"},